Illegal data sharing by Grindr
By Thomas Vink, 17th August 2022
In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about users to third parties for behaviour-based marketing without a legal basis. The decision followed complaints against Grindr and five adtech companies written by None of Your Business (noyb) and filed by the Norwegian Consumer Council (NCC) in January 2020.
On February 14, 2022, Grindr lodged an appeal against the DPA’s decision, with the appeal being reviewed by the Privacy Appeals Board. NCC together with partners such as noyb, Norwegian law firm Hjort and with assistance from cyber security firm mnemonic are aiming to ensure that the original decision is upheld throughout the appeals process. Meanwhile, NCC are also following up on the progress of the complaints against adtech companies Mopub, Xandr, Open X, Smaato and AdColony in the same case complex.
Illegal data sharing by Grindr
Organisation Name
Norwegian Consumer Council, Forbrukerrådet
Country/Jurisdiction
Norway
Amount Granted
EUR 46,813
Current Status
Case won
Grant type
Litigation Track Support
Description
In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about users to third parties for behaviour-based marketing without a legal basis. The decision followed complaints against Grindr and five adtech companies written by None of Your Business (noyb) and filed by the Norwegian Consumer Council (NCC) in January 2020.
On February 14, 2022, Grindr lodged an appeal against the DPA’s decision, with the appeal being reviewed by the Privacy Appeals Board. NCC together with partners such as noyb, Norwegian law firm Hjort and with assistance from cyber security firm mnemonic are aiming to ensure that the original decision is upheld throughout the appeals process. Meanwhile, NCC are also following up on the progress of the complaints against adtech companies Mopub, Xandr, Open X, Smaato and AdColony in the same case complex.
On 29 September 2023, the Norwegian Privacy Appeals Board (Personvernnemnda) announced that it upholds the Norwegian Data Protection Authority’s fine, affirming that Grindr’s practice of sharing sensitive personal data with third parties is illegal.
"the Norwegian Data Protection Authority issued an administrative fine of NOK 65 million against dating app Grindr for disclosing personal information about users to third parties"
Strategic Goal
To end illegal surveillance advertising and hold the entities responsible to account.
Media and related links
Organisation Name
Women’s Link Worldwide
Image credit: Norwegian Consumer Council